Privacy Policy
Last updated: December 13, 2025
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly when you create an account, use our services, or communicate with us:
- Email Authentication: Email address when you sign in via magic link
- Google OAuth: Email address from your Google account (if you choose to sign in with Google)
- Profile Information: Any additional information you add to your account
- Content: Images you upload for text overlay processing
- Payment Information: Processed securely by Stripe (we do not store card details)
- Communications: Messages sent to our support team
1.2 Automatically Collected Information
- Authentication Data: Login timestamps, IP addresses, session tokens, device information
- Usage Data: Features used, pages viewed, time spent, actions taken
- Technical Data: Browser type, operating system, device identifiers
- Cookies and Tracking: Session cookies, analytics cookies, Meta Pixel for advertising analytics
1.3 Third-Party Information
- Google: When you authenticate via Google OAuth, we receive only your email address for account creation and authentication
- Meta (Facebook): We use Meta Pixel to measure advertising effectiveness. Meta may collect information about your visit to our site
2. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases as required by the UK GDPR and EU GDPR:
- Contract Performance: Processing necessary to provide our services, authenticate your account, and process payments
- Consent: Marketing communications, optional features, and non-essential cookies (you may withdraw consent at any time)
- Legitimate Interests: Fraud prevention, security monitoring, service improvement, and analytics
- Legal Obligation: Tax compliance, data breach reporting, and responding to lawful requests
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our AI text overlay services
- Authenticate your account via magic link or Google OAuth
- Process your images using our AI algorithms for face/object detection and text placement
- Manage your account and provide customer support
- Process payments and manage subscriptions
- Send you technical notices, security alerts, and service updates
- Analyze usage patterns to improve our service (with your consent via analytics cookies)
- Measure advertising effectiveness through Meta Pixel
- Prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. Image Processing and AI
When you upload images to our service:
- Images are processed by our AI algorithms to detect faces, objects, and determine optimal text placement
- AI processing is automated but does not make decisions that significantly affect you without human oversight
- We temporarily store images during processing (usually less than 24 hours)
- Processed images are stored in your account for easy access and editing
- We do not use your images to train our AI models or share them with third parties for AI training
- You retain all rights to your original images and created designs
Your Rights: You have the right to object to automated processing and request human review if needed. Contact us at info@overvisual.com.
5. Third-Party Service Providers
We work with trusted third-party service providers to deliver our services. These providers have access to personal data only as necessary to perform their functions and are obligated to protect your information:
- Supabase: Database hosting, authentication services, and file storage (data stored in secure cloud infrastructure)
- Google: OAuth authentication services (Google Privacy Policy)
- Stripe: Payment processing (Stripe Privacy Policy)
- Meta (Facebook): Advertising analytics via Meta Pixel (Meta Privacy Policy)
- Email Service Providers: For sending magic link authentication emails and service notifications
6. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited situations:
- Service Providers: With third-party providers listed above who assist our operations under strict data processing agreements
- Legal Requirements: To comply with laws, regulations, court orders, or lawful government requests
- Rights Protection: To protect our rights, property, or safety, or those of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
- Your Consent: With your explicit consent for specific purposes
7. Data Security
We implement appropriate technical and organizational security measures to protect your information, including: encryption in transit (TLS/SSL) and at rest, secure cloud infrastructure, regular security audits, access controls, and authentication security. However, no internet transmission or electronic storage is 100% secure. Please use strong passwords and keep your login credentials confidential.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained while your account is active and for up to 30 days after deletion (unless required longer for legal purposes)
- Images and Projects: Retained in your account until you delete them
- Payment Records: Retained for 7 years for tax and accounting compliance
- Authentication Logs: Retained for 90 days for security purposes
- Marketing Data: Retained until you withdraw consent or request deletion
You can delete your account and request data deletion at any time by contacting info@overvisual.com.
9. Your Privacy Rights
9.1 Rights Under UK GDPR and EU GDPR
If you are located in the UK or EU, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your supervisory authority
UK Users: You can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk
9.2 Rights Under Canadian Privacy Laws (PIPEDA)
If you are located in Canada, you have the following rights:
- Right to Access: Request access to your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Withdraw Consent: Withdraw consent for certain uses of your information
- Right to Challenge: Challenge our compliance with privacy laws
- Right to File a Complaint: File a complaint with the Privacy Commissioner of Canada
Canadian Users: You can file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca
9.3 How to Exercise Your Rights
To exercise any of these rights, contact us at info@overvisual.com with the subject "Privacy Rights Request." We will respond within 30 days (or as required by applicable law). You may need to verify your identity before we process your request.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate our service and improve your experience:
10.1 Essential Cookies
Required for the service to function (these cannot be disabled):
- Authentication: Session cookies to keep you logged in
- Security: CSRF protection and security tokens
- Functionality: Remember your preferences and settings
10.2 Analytics and Performance Cookies
Help us understand how users interact with our service (requires consent):
- Usage Analytics: Track page views, feature usage, and user interactions
- Performance Monitoring: Identify errors and performance issues
10.3 Advertising Cookies
Used for advertising measurement (requires consent):
- Meta Pixel: Facebook/Instagram advertising tracking and conversion measurement. This cookie tracks your interactions with our site and may be used by Meta for targeted advertising across their platforms.
10.4 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality. To opt out of Meta Pixel tracking, visit Facebook's ad settings or use browser extensions like uBlock Origin or Privacy Badger.
11. International Data Transfers
Overvisual is operated by a company based in Lithuania (European Union). Your information may be transferred to and processed in countries other than your own, including:
- EU/EEA: Primary data storage and processing within the European Union
- United States: Third-party services (Google, Meta, Stripe) may process data in the US
- Other Countries: As required by our cloud infrastructure providers
Safeguards for International Transfers
We ensure appropriate safeguards are in place for international data transfers:
- UK Users: Transfers comply with UK GDPR requirements. The UK recognizes the EU as providing adequate protection.
- Canadian Users: Transfers comply with PIPEDA. We use Standard Contractual Clauses (SCCs) and data processing agreements with all third-party processors.
- US Transfers: We work with service providers that participate in relevant privacy frameworks and implement supplementary measures as needed.
- Data Processing Agreements: All third-party processors are bound by strict data protection obligations.
12. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the appropriate supervisory authority within 72 hours of becoming aware (as required by GDPR)
- Notify affected users without undue delay if the breach poses a high risk
- Provide clear information about the nature of the breach, potential consequences, and mitigation steps
- Take immediate action to secure systems and prevent further unauthorized access
13. Children's Privacy
Our service is not intended for children under the age of 16 (or 13 with verifiable parental consent where applicable). We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our service or provide any personal information. If we discover we have collected information from a child under 16 without proper consent, we will delete it immediately. Parents or guardians who believe we may have collected information from their child should contact us at info@overvisual.com.
14. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated via email or through a prominent notice on our service at least 30 days before they take effect. Your continued use of our service after changes become effective constitutes acceptance of the updated policy. The "Last updated" date at the top of this policy indicates when it was last revised.
15. Data Controller Information
The data controller responsible for your personal information is:
Company Name: Iamjunior, MB
Address: Architektų g. 58-67, LT-04111 Vilnius, Lithuania
Email: info@overvisual.com
Website: www.overvisual.com
16. Contact Us
If you have questions about this privacy policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
Email: info@overvisual.com
Address: Iamjunior, MB, Architektų g. 58-67, LT-04111 Vilnius, Lithuania
Subject Line for Privacy Requests: "Privacy Rights Request"
Supervisory Authorities:
• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Canada: Office of the Privacy Commissioner of Canada - priv.gc.ca
• EU/Lithuania: State Data Protection Inspectorate - vdai.lrv.lt